Security Intermediate

What is Rate Limiting?

A technique that controls the number of requests a client can make to a server within a specified time period.

Rate limiting protects APIs and services from abuse, DDoS attacks, and excessive usage. Common approaches include fixed window (X requests per minute), sliding window (smoother distribution), and token bucket (burst-friendly) algorithms.

Implementation can be per-user, per-IP, or per-API-key. HTTP response headers (X-RateLimit-Limit, X-RateLimit-Remaining, Retry-After) communicate limits to clients. Redis is commonly used to track request counts.

Related Terms

Secret Management
The practice of securely storing, accessing, and rotating sensitive credentials like API keys, passwords, and certificates.
Penetration Testing
An authorized simulated cyberattack on a system to evaluate its security defenses and identify vulnerabilities.
PKI (Public Key Infrastructure)
A framework of policies, hardware, and software for creating, managing, distributing, and revoking digital certificates.
Encryption
The process of converting readable data into an unreadable format using algorithms, reversible only with the correct key.
Vulnerability Scanning
Automated testing that identifies known security weaknesses in systems, applications, and network infrastructure.
Security Audit
A systematic examination of an information system to assess compliance with security policies, identify vulnerabilities, and verify controls.